DETAILED ACTION

1. This office action is in response to Applicant's Request for Continued
Examination filed on 9/1/2004. Claims 1-5, 9-10, 12-13, 15-17, 21-22, 24-25, 27-29,
33-34 and 36 have been amended. Claims 1-36 are pending.



Response to Arguments 

2. Applicant's arguments with respect to amended claims have been considered but 
are moot in view of the new ground(s) of rejection. 



Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-8, 10-20, 22-32 and 34-36 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Blakley III et al. (U.S. Patent No. 5,862,323, hereinafter 
Blakley) in view of Barry et al. (U.S. Patent No. 6,615,258).

In respect to claim 1, Blakley discloses a computing environment having a
connection to a network, a computer program product for securely propagating security
credentials using a trusted master registry, the computer program product embodied on
one or more computer-readable media and comprising: 

computer-readable program code means for establishing a secure connection 
between a client and a password synchronization agent (PSA) (see col. 3, lines 35-46); 

computer-readable program code means for validating the user with the trusted 
master registry using the transmitted user identifier and identifying secret on the request 
of the PSA (see col. 2, line 26-57); 

computer-readable program code means for receiving at the PSA from the client 
over the secure connection an identifier of a user and an identifying secret of the user 
(see Fig. 4, col. 8, lines 52-67);

computer-readable program code means for validating the user with the trusted 
master registry using received user identifier and identifying secret, on request of the 
PSA (see col. 2, lines 45-67); 

computer-readable program code means for propagating the identifying secret of 
the user directly from the PSA to one or more target registries if the validation succeeds 
(see Fig. 3A col. 2, lines 24-col. 3, lines 20, col. 6, lines 40-60 and col. 7, lines 7-33, the 
limitation is met because the security server (PSA) encompasses DCE registry, see Fig. 
3A, and col. 2, lines 55-57). 

Blakley does not explicitly disclose but Barry discloses receiving at the PSA from 
the client over the secure connection during the propagation request processing and 
propagating the received identifying secret of the user directly from PSA to one or more 
target registries (see Barry col. 12, line 63-col. 13, line 13, "e.g. user changes 
password, the new password is transmitted in real time to a server responsible for
updating ..."). Therefore, it would have been obvious to one of ordinary skill in the art at 
the time the invention was made to incorporate the teaching of Barry's real time 
propagating of user password with the teaching of Blakley for teaching of password 
synchronization between a main data store and plurality of secondary data stores for 
more secure protection of the user identifier and identifying secret. 

In respect to claim 2, Blakley and Barry disclose the computer program product 
according to Claim 1, further comprising: 

computer-readable program code means for establishing a second secure 
connection between the PSA and the trusted master registry (see col. 11, lines 27-31);
and 

computer-readable program code means for using the second secure connection 
for the validating of the user (see Blakley, col. 2, lines 34-44). 

In respect to claim 3, Blakley and Barry disclose the computer program product 
according to Claim 1, further comprising: 

computer-readable program code means for establishing additional secure 
connections between the PSA and each of the target registries; and computer-readable 
program code means for using the additional secure connections for the propagating of 
the received identifying secret (see Blakley col. 8, lines 34-44). 

In respect to claim 4, Blakley and Barry disclose the computer program product 
according to Claim 1, wherein the master registry stores password synchronization 
policy information, and wherein the computer-readable program code means for 
propagating the received identifying secret further comprises computer-readable
program code means for identifying the target repositories using the stored password 
synchronization policy information for the user (see Blakley, col. 3, lines 54-60, col. 5, 
lines 49-62, col. 6, lines 40-60). 

In respect to claim 5, Blakley and Barry disclose the computer program product 
according to Claim 1, wherein the master registry stores password synchronization 
policy information, and wherein the computer-readable program code means for 
propagating the received identifying secret further comprises computer-readable 
program code means for identifying the target repositories using the stored password 
synchronization policy information for a user group of which the user is a member (see 
Blakley, col. 5, lines 49-62, col. 6, lines 40-60). 

In respect to claim 6, Blakley and Barry disclose the computer program product 
according to Claim 1, wherein the computer-readable program code means for 
establishing the secure connection further comprises computer-readable program code 
means for authenticating the PSA to the client (see Blakley, col. 5, lines 49-62, col. 6, 
lines 40-60). 

In respect to claim 7, Blakley and Barry disclose the computer program product 
according to Claim 2, wherein the computer-readable program code means for 
establishing the second secure connection further comprises computer readable 
program code means for authenticating the master registry to the PSA (see Blakley, col. 
2, lines 34-45).

In respect to claim 8, Blakley and Barry disclose the computer program product
according to Claim 3, wherein the computer-readable program code means for 
establishing additional secure connections further comprises computer readable 
program code means for authenticating the one or more target registries to the PSA 
(see Blakley, col. 2, lines 34-45). 

In respect to claim 10, Blakley and Barry disclose the computer program product 
according to Claim 1, wherein the computer-readable program code means for 
validating further comprises computer-readable program code means for invoking an 
authenticated LDAP bind or other native authentication mechanism of the master 
registry, wherein the received identifier of the user and the identifying secret of the user 
are passed to the master registry, thereby causing the master registry to validate the 
passed identifier and identifying secret and return a result which reports a success or 
failure of the validation (see Blakley, col. 7, line 52-col. 8, line 4).

In respect to claim 11, Blakley and Barry disclose the computer program product 
according to Claim 1, wherein the PSA has administrative authority for performing 
operations at the one or more target registries (see Blakley, col. 11, lines 27-31).

In respect to claim 12, Blakley and Barry disclose the computer program product 
according to Claim 1, further comprising: 

computer-readable program code means for obtaining a new value from the user 
to be used as the propagated identifying secret if the validation succeeds (see col. 2, 
lines 15-54 and col. 7, lines 5-34); and computer-readable program code means for 
substituting this new value for the received identifying secret prior to operation of the 
computer readable program code means for propagating (see Blakley, col. 7, line 52-col. 8,
line 4).

In respect to claims 13-20 and 22-24, the claim limitations are system claims that 
are substantially similar to computer readable medium claims 1-8 and 10-12. Therefore, 
claims 13-20 and 22-24 are rejected based on the similar rationale. 

In respect to claims 25-32 and 34-36, the claim limitations are method claims that 
are substantially similar to computer readable medium claims 1-8 and 10-12. Therefore, 
claims 25-32 and 34-36 are rejected based on the similar rationale. 

4. Claims 9, 21 and 33 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Blakley (U.S. Patent No. 5,862,323) in view of Barry (U.S. Patent No. 6,615,258) 
and further in view of Huynh et al. (U.S. Patent No. 6,240,184).

In respect to claims 9, 21 and 33, Blakley and Barry disclose the computer 
program product according to Claim 1, wherein the computer-readable program code
means for validating further comprises: 

computer-readable program code means for performing a security function on 
the received identifying secret of the user, wherein the security function comprises one
of (i) a one-way hashing algorithm or (ii) an encryption algorithm (see col. 3, lines 9-19); 
computer-readable program code means for using the user identifier to locate a 
previously-stored identifying secret of the user which was stored by the master registry; 
and computer-readable program code means for comparing the located identifying 
secret to a result of performing the security function (see col. 2, lines 34-45).

Blakley does not disclose but Huynh discloses means for concluding that the 
validation succeeds if the located identified secret is identical to a result of performing 
the security function (Huynh, col. 1, lines 14-54 and col. 2, lines 27-45). Therefore, it 
would have been obvious to one of ordinary skill in the art at the time the invention was 
made to incorporate the teaching of Blakley and Barry's combined teaching of real time
propagating plaintext password with the teaching of Huynh's propagating encrypted
password after validating of encrypted password succeeds so that attacker who gains 
access to the encrypted password can not readily discern the password (Huynh, col. 1, 
lines 34-37). 

Conclusion 

5. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tongoc Iran whose telephone number is (571) 272-3843.
The examiner can normally be reached on 8:30-5:00.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory Morse can be reached on (571) 272-3838. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306.

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 